[GitHub] [ignite-3] ptupitsyn commented on a diff in pull request #1690: IGNITE-18791 Add SSL Client authentication to REST

Mon, 20 Feb 2023 23:01:20 -0800 


ptupitsyn commented on code in PR #1690:
URL: https://github.com/apache/ignite-3/pull/1690#discussion_r1112625915


##########
modules/rest/src/main/java/org/apache/ignite/internal/rest/RestComponent.java:
##########
@@ -228,11 +242,75 @@ private Map<String, Object> properties(int port, int 
sslPort) {
                     "micronaut.server.ssl.key-store.password", 
keyStorePassword,
                     "micronaut.server.ssl.key-store.type", keyStoreType
             );
+
+            ClientAuth clientAuth = 
ClientAuth.valueOf(sslCfg.clientAuth().value().toUpperCase());
+            if (ClientAuth.NONE == clientAuth) {
+                return micronautSslConfig;
+            }
+
+
+            String trustStorePath = sslCfg.trustStore().path().value();
+            // todo: replace with configuration-level validation 
https://issues.apache.org/jira/browse/IGNITE-18850
+            validateTrustStore(trustStorePath);
+
+            String trustStoreType = sslCfg.trustStore().type().value();
+            String trustStorePassword = sslCfg.trustStore().password().value();
+
+            Map<String, Object> micronautClientAuthConfig = Map.of(
+                    "micronaut.server.ssl.client-authentication", 
toMicronautClientAuth(clientAuth),
+                    "micronaut.server.ssl.trust-store.path", "file:" + 
trustStorePath,
+                    "micronaut.server.ssl.trust-store.password", 
trustStorePassword,
+                    "micronaut.server.ssl.trust-store.type", trustStoreType
+            );
+
+            HashMap<String, Object> result = new HashMap<>();
+            result.putAll(micronautSslConfig);
+            result.putAll(micronautClientAuthConfig);
+
+            return result;
         } else {
             return Map.of("micronaut.server.port", port);
         }
     }
 
+    private static void validateKeyStorePath(String keyStorePath) {
+        if (keyStorePath.trim().isEmpty()) {
+            throw new IgniteException(
+                    Common.UNEXPECTED_ERR,
+                    "Trust store path is not configured. Please check your 
rest.ssl.keyStore.path configuration."
+            );
+        }
+        if (!Files.exists(Path.of(keyStorePath))) {

Review Comment:
   Ok, got it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to